But that’s not my angle—I’m interested in the human side, in how you get your employees to secure your organizations against these threats. With employee awareness on the brain, I wanted to look at the coming year through the lens of training and education.

Here are five trends I think will affect security and privacy awareness best practices and strategies among employees for 2017.

Giving the People What They Need

2017 will see an increase in hyper-targeted learning, led in part by a rise in popularity in user behavior analytics and ambient knowledge.

As Gartner analysts Matthew Cain and Stephen Kleynhans write, ambient knowledge is an algorithm-driven way of delivering customized information to users based on user activity. Most of us encounter ambient learning on a regular basis, as sites like Amazon and Netflix use this concept to deliver recommended content based on past actions.

In 2017, we will undoubtedly have more ways to know who’s doing what. These emerging technologies will give us more insight into the behavioral risks that exist in our organizations and greater ability to deliver the right content at the right length to the right people. The better aligned awareness content is to an organization’s unique risks, the more effective it will be.

Microlearning… Finally!

The popularity of microlearning will continue to grow as the most viable approach to combatting the “forgetting curve.” It’s about time!

Put simply, microlearning is the practice of delivering small bits of learning content over short periods of time. The theory behind microlearning presumes that learners have relatively short attention spans and will not learn anything sitting through hours of training at a time.

In practice, microlearning can also be built into an organization’s training deployment strategy to deliver training when it is most needed. Say, in the privacy awareness space, if an employee saves a sensitive document to an unsecure location, you could deploy a unit of microlearning (like a short video) to get them back on track. In this way, microlearning can bring a great amount of flexibility to an overall learning structure in terms of both training content length and delivery.

In response to this trend, awareness vendors will be expected to deliver learning content of varying lengths to fit the varied learning styles of users.

The NIST researchers found that the average user gets so tired of deploying security precautions and are so unconvinced that their actions matter that they willingly behave in ways that imperil both themselves and their organization. Anyone who has re-used a password, connected to an open public network for “just a minute,” or sent a work document to a personal e-mail address—and after all, isn’t that all of us?—knows what it is to feel “security fatigue.”

The challenge for those of us committed to overcoming security fatigue is to create arguments for security and privacy that are either so compelling or so easy to implement that there is no reason not to. How exactly this can be done remains to be seen, but I do believe that 2017 will see more creative ways to solve this problem than ever before.

They’re Coming After Your C-Suite

CEOs and other executives represent some of the most attractive targets for cybercriminals seeking sensitive data to sell on the black market, and they will continue to be big targets in 2017. Executives are the ultimate privileged users in most organizations; they have the highest level of access and knowledge about company networks and infrastructure.

It’s a real problem, for those with the metaphorical “keys to the kingdom” have immense pressures on their time and resources, making them susceptible to social engineering. All it takes is one errant click of a mouse to give an attacker access to an organization’s sensitive client data and other records.

The problem is these same folks are also too busy, too distracted and “too smart” to participate in conventional cybersecurity training. That’s why we expect to see a heavier focus on security and privacy awareness training tailored specifically to executives. Executives need to know the same security and privacy lessons as any other employee, but it has to be delivered in their language.

Privacy Served with a Side of Privacy

There will be an even greater focus on privacy concerns in the corporate world, with the GDPR coming down the pipe. Privacy by Design—mandated by the GDPR—will get worked into every software product and technical solution out there. This includes employee awareness.

Because the GDPR is far-reaching, I believe it will change the dialogue on the importance of privacy protection from the executive level down to the employee level. Put another way, we feel the GDPR will encourage privacy to be thought of as everyone’s responsibility, as it should.

This new discussion will be happening not just in companies that have already been in compliance with the data protection directive but also across companies of all industries.

Additionally, the GDPR in no uncertain terms calls for privacy awareness training. For example, article 39 section 1B makes an organization’s data protection officer responsible for assigning “awareness-raising and training of staff involved in processing operations.” With this much regulatory pressure, organizations will be well served to bake privacy concerns into all they do or pay the consequences.

One thing that we see as more certain, though, is that the next attacks will circumvent technological safeguards and seek ways to exploit human weakness. For all that changes, one thing will remain the same: cybercriminals will keep coming up with new ways to trick your employees.

Is your workforce prepared?

About the Author:Tom Pendergast is the chief architect of MediaPro’s Adaptive Architecture™ approach to analyze, plan, train, and reinforce to deliver comprehensive awareness programs in the areas of information security, privacy, and corporate compliance. Tom Pendergast has a Ph.D. in American Studies from Purdue University and is the author or editor of 26 books and reference collections. Tom has devoted his entire career to content and curriculum design, first in print, as the founder of Full Circle Editorial, then in learning solutions with MediaPro.

Editor’s Note:The opinions expressed in this guest author article are solely those of the contributor, and do not necessarily reflect those of Tripwire, Inc.